(1) Each governmental entity of the state shall create a privacy policy for the purpose of standardizing within such governmental entity the collection, storage, transfer, and use of personally identifiable information by such governmental entity. The policy of each governmental entity shall address, but shall not be limited to, the following:
A general statement declaring support for the protection of individual privacy;
A provision for the minimization of the collection of personally identifiable information to the least amount of information required to complete a particular transaction;
Clear notice of the applicability of the "Colorado Open Records Act" pursuant to part
2 of this article;
A method for feedback from the public on compliance with the privacy policy; and
A statement that the policy extends to the collection of all personally identifiableinformation, regardless of the source or medium.
(a) Any governmental entity that operates a world wide website as of August 7, 2002, shall establish and publish on its website a privacy policy pursuant to this part 5 no later than July 1, 2003.
Any governmental entity that does not operate a world wide website as of August 7,2002, and begins operation of a website before July 1, 2003, shall establish and publish on its website a privacy policy pursuant to this part 5 by July 1, 2003.
In no event shall a governmental entity be permitted to operate a world wide websiteafter July 1, 2003, without first establishing a privacy policy pursuant to this part 5. The privacy policy shall be published on such governmental entity's website as of the first day of operation of such website.
Nothing in this section shall be construed to create a private cause of action based onalleged violations of this section.
Source: L. 2002: Entire part added, p. 774, § 1, effective August 7. L. 2009: (1)(c) amended, (SB 09-292), ch. 369, p. 1969, § 80, effective August 5.